System Configuration 4-13
6. Click the Copy to Clipboard button.
The content of certificate request is copied to the clipboard.
Create an email to your CA, paste the content of the request into the body of the message
and send it to the CA.
The CA signs the certificate and will send it back. Once received, copy the content from the
email into the clipboard.
7. Click the Paste from clipboard button.
The content of the email displays in the window.
Click the Load Certificate button to import the certificate and make it available for use as
a VPN authentication option. The certificate ID displays in the Signed list.
8. To use the certificate for a VPN tunnel, first define a tunnel and select the IKE settings to
use either RSA or DES certificates. For additional information on configuring VPN tunnels,
see Configuring VPN Tunnels on page 6-34.
4.3.3 Creating a Certificate for Onboard Radius AuthenticationThe AP-5131 can use its on-board Radius Server to generate certificates to authenticate MUs for use
with the AP-5131. In addition, a Windows 2000 or 2003 Server is used to sign the certificate before
downloading it back to the AP-5131’s on-board Radius server and loading the certificate for use with
the AP-5131.
Both a CA and Self certificate are required for Onboard Radius Authentication. For information on CA
Certificates, see Importing a CA Certificate on page 4-9. Ensure the certificate is in a Base 64
Encoded format or risk loading an invalid certificate.
To create a self certificate for on-board Radius authentication:
NOTE If the AP-5131 is restarted after a certificate request has been generated
but before the signed certificate is imported, the import will not execute
properly. Do not restart the AP-5131 during this process.
CAUTION Self certificates can only be generated using the AP-5131 GUI and CLI
interfaces. No functionality exists for creating a self-certificate using
the AP-5131’s SNMP configuration option.
!